Too many organisations are relying on IT departments to protect company information, particularly sensitive data that is shared electronically and must meet compliance regulations.
That’s the view of Jason Kaminski, a consultant at Australian IT services provider iFocus.
Issues surrounding document integrity have come to the fore in recent months as a result of a high-profile case involving the Victorian state police.
The database breach led Victoria premier Steve Bracks to declare he was “sick and tired” of security breaches involving classified files.
iFocus’ Kaminski says organisations need to make their employees “information literate” by creating a culture of best practice for the entire life cycle of company information.
“Most employees are expected to create, use and manage information and make informed decisions,” he says.
Kaminski says successfully managing information requires a focus on two very different areas: technical tools and human behaviour.
He says there’s too much reliance on the technical side when it comes to storing and managing structured data.
“Business rules and procedures provide governance for managing information, but it is people’s ability to understand and interpret those rules that often fails,” he says.
However, software vendor Workshare believes technology is the solution because most document integrity policies are flawed because of the fact the onus is on people to make manual checks rather than use software to do it for them.
Workshare’s Asia–Pacific general manager, Andrew Pearson, says information integrity is too important to be left to the mercy of human error.
Workshare recently launched part one of a global campaign, entitled Five Steps to Document Integrity, to combat a phenomenon known as the Inside-Out threat.
This is the opposite of malicious external threats such as hacking or computer virus attacks, which most companies’ security strategies are set up to combat.
Pearson says the inside-out threat is still not taken seriously.
“The inside-out threat is still not understood or taken seriously. Many companies believe they have effective data governance policies and document integrity solutions. Frankly, many don’t,” he says.